Bug 1090598 added a call to prctl(PR_SET_PTRACER, PR_SET_PTRACER_ANY) in the crash signal handlers used when the crash reporter is disabled (e.g., desktop debug builds) so that gdb can attach even if the Yama LSM would otherwise prevent that. Content processes allow all prctl()s for now (although we'd like to restrict that eventually), but GMP processes have a small allowed list and PR_SET_PTRACER isn't on it.
The result is that if a GMP process segfaults (or similar) on Linux with the crash reporter disabled, it will take SIGSYS in the crash handler and the SIGSYS handler will complain and immediately terminate the process, which prevents debugging it.
Adding PR_SET_PTRACER to the policy is simple (and reasonably safe — prctl affects only the calling thread, and we already allow PR_SET_DUMPABLE, which is similar, for the crash reporter).

…except that even with PR_SET_PTRACER allowed, the process gets immediately killed anyway, because the IPC channel observes an error and is destroyed, for reasons that aren't immediately clear. But I already have a patch for this problem, so I might as well.
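Added example (not from this bug or from Mozilla's sandbox code) of a seccomp-bpf policy shaped like the one described above: prctl() is allowed only for PR_SET_DUMPABLE and the newly added PR_SET_PTRACER, and any other option terminates the process with SIGSYS, which is the failure the crash handler runs into; a forked child exercises both outcomes. Assumes Linux on x86_64 or aarch64 and that a seccomp filter may be installed; the function names and the filter layout are mine.

```c
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __x86_64__
#define ARCH_NR AUDIT_ARCH_X86_64 /* assumption: x86_64 or aarch64 only */
#else
#define ARCH_NR AUDIT_ARCH_AARCH64
#endif
#define SC_OFF(f) offsetof(struct seccomp_data, f)

/* Allowlist: prctl() passes only for PR_SET_DUMPABLE and PR_SET_PTRACER; all other syscalls pass. */
static int install_prctl_policy(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_OFF(arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* wrong ABI: kill */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_OFF(nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_prctl, 0, 3), /* not prctl(): allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_OFF(args[0])),  /* prctl option (low 32 bits) */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SET_DUMPABLE, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, PR_SET_PTRACER, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),          /* any other option: SIGSYS */
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork, install the policy in the child and issue prctl(option, arg) there.
 * Returns 1 if the child survived the call, 0 if seccomp killed it with SIGSYS, -1 on setup failure. */
static int prctl_survives(int option, unsigned long arg) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_prctl_policy() != 0) _exit(2);
        /* Return value is irrelevant (PR_SET_PTRACER gives EINVAL without Yama); the point is it returns. */
        prctl(option, arg, 0, 0, 0);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? 1 : -1;
    return (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) ? 0 : -1;
}
```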

Comment on attachment 8776732: bug1290618-allow-ptracer-hg0.diff
Approval Request Comment
[Feature/regressing bug #]: Widevine EME on Linux
[User impact if declined]: Without this patch, debugging the sandbox issues fixed in other uplifts I've just requested is very hard.
[Describe test coverage new/current, TreeHerder]: We have plenty of EME mochitests, which run on Linux inside the sandbox.
[Risks and why]: Low; this is tweaking how the sandbox interacts with debuggers
[String/UUID change made/needed]: None